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1 Introduction 

The Chief Information Officer (CIO) at the U.S. Department of Education (the Department) has primary 
responsibility to ensure that Information Technology (IT) is acquired and information resources are 
managed in a manner consistent with statutory, regulatory, and Departmental requirements and 
priorities. The CIO provides management advice and assistance to the Secretary of Education and to 
other senior staff on information resources investment and operations. The CIO also promotes a shared 
corporate vision about the Department's information activities and provides services to effectively 
manage information and to provide value-added enterprise-wide systems and infrastructure. 

This Department Information Resources Management (IRM) Strategic Plan for FY 2010 - 2014 describes: 

• The relationship between the IT vision and the enterprise business goals and objectives 

• The set of value-added IT services delivered or planned to be delivered 

• The set of IT management processes and plans for ensuring the effective use of IT resources 
across the Department 

While the IRM Strategic Plan serves as the strategic document for the Office of the Chief Information 
Officer (OCIO), it is built from other more detailed strategic, operational and tactical plans of each 
information management element throughout the Department, ranging from enterprise architecture to 
E-Government. The IRM Strategic Plan describes what will be implemented over the planning horizon, 
while the other strategic, operational and tactical plans describe how these goals will be accomplished. 
Together, these plans allow the OCIO to ensure that IT activities are aligned with and supportive of the 
Department's mission and strategic goals. 

In addition, the Department recognizes the need to integrate external policies and directions as defined 
by Congress and the Administration into its IRM Strategic Plan. As such, the Department's IRM Strategic 
Plan responds to the Government Paperwork Elimination Act (GPEA) of 1988, the E-Government Act of 
2002, the Clinger-Cohen Act of 1996, the Federal Information Security Management Act (FISMA), Office 
of Management and Budget (OMB) Circular A-130, the Government Performance Results Act of 1993, 
and the Federal Enterprise Architecture. 

This document is the Department's IRM Strategic Plan. OMB Circular A-130 describes the IRM Strategic 
Plan as a management tool that is "strategic in nature and addresses all information resources 
management activities of the agency." The CIO is responsible for developing and maintaining the 
document as required by the Paperwork Reduction Act of 1995 (Public Law 104-13, Chapter 35 of Title 
44, U.S. Code). OMB Circular A-ll, Section 53, requires that the IRM Strategic Plan be submitted 
together with the Department's IT budget request. 
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2 Technology Goals 

The IRM Strategic Plan describes the three areas of primary technology goals for the Department: 

1 Portfolio Alignment - Ensure that the IT investment portfolio supports the Department's 
business mission objectives. 

2 Shared Technology Services - Orient OCIO as a provider of enterprise common services in 
addition to basic infrastructure services. 

3 Information and Technology Management - Ensure effectiveness of IT governance, data and 
information processing capabilities and technology utilization across the enterprise. 




| IRM Strategic Plan 




IT Strategic Goals 

/Vhat is ED Trying to Achiev 


e?” 


Portfolio Alignment 

“What needs to be done?” 

Ensure that the IT Investment 
portfolio supports the 
Department’s business mission 
objectives 


Shared Technology Services 

“What role will OCIO play?” 

Orient OCIO as a provider of 
enterprise common services 
beyond basic infrastructure 
services 


Information & Technology 
Management 

“How will ED do this effectively?” 

Ensure effectiveness of IT core 
competencies, fiduciary 
capabilities, and management 
processes 



Section 3 discusses IT portfolio alignment. In this section, the top-down and bottom-up alignment 
between the major IT investment portfolio and the Department's strategic goals is described, tying 
together the Department's organizational structure, mission, key programs, business capabilities 
required, and overall IT governance. 

Section 4 discusses IT shared services. This section describes the current and desired future state of IT 
shared services at ED. The management structure required to expand the OCIO IT shared services 
offering from technical infrastructure services to a broader range of services is also described. 

Section 5 discusses IT management. In this section, the key IT management processes of the 
Department are described together with a perspective of how these IT management processes are 
coordinated across the Department. 
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3 Goal One: Portfolio Alignment 
3.1 Mission and Strategic Goals 

The Department of Education is responsible for fulfilling its mission: 



Department of Education Mission 

“To promote student achievement and preparation for global 
competitiveness by fostering educational excellence and 
ensuring equal access. ” 



The Department's Strategic Plan 2007-2012 1 embodied four Department of Education strategic goals: 



Goal One: 

Goal Two: 
Goal Three: 

Goal Four: 



Department of Education Strategic Goals 

Improve student achievement, with a focus on bringing all students to grade level in 
reading and mathematics by 2014. 

Increase the academic achievement of all high school students. 

Ensure the accessibility, affordability, and accountability of higher education, and better 
prepare students and adults for employment and future learning. 

Cross-goal Strategy on Management 



Table 1. Department of Education Strategic Goals 



The Department's Strategic Goals are articulated through Strategic Objectives. The Department's 
current operating Strategic Objectives, as described in the Department's Strategic Plan, are depicted 
below in Table 2: 



1 U.S. Department of Education Strategic Plan 2007-2012 
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Table 2 Department of Education Strategic Goals, Objectives, and Strategies 2 



Strategic 

Goals 


Strategic Objectives 


Strategies (Representative Approaches) 




1.1 Improve student achievement in 
reading/language arts. 


1 Seek enactment of a bill that incorporates the key elements of Building on Results, the 
Department's blueprint for ESEA reauthorization. 


Goal One: 
Improve 


1.2 Improve student achievement in 
mathematics 


2 Assist states and LEAs in turning around schools in restructuring status or in need of 
improvement. 

3 Collect, analyze, and publicly disseminate disaggregated student information on a 
timely basis. 

4 Assist states in achieving their Individuals with Disabilities Education Act (IDEA) State 
Performance Plan (SPP) targets in reading and mathematics 


student 
achievement, 
with a focus on 
bringing all 
students to 
grade level in 
reading and 
mathematics 
by 2014. 


1.3 Improve teacher quality. 


1 Collect data and monitor performance to ensure that all states meet the goal of having 
all core academic classes taught by highly qualified teachers in school year 2006-07 
and beyond. 

2 Monitor states with substantial numbers of classes taught by non-highly qualified 
teachers, spurring these states to bring all teachers to highly qualified status as soon as 
possible. 

3 As states move toward ensuring that all teachers are highly qualified, monitor their 
efforts to determine that poor and minority children are not taught at 
disproportionate rates by unqualified, inexperienced, or out-of-field teachers. 

4 Encourage districts to reform educator compensation systems to reward their most 
effective teachers and to create incentives to attract their best teachers to high-need 
schools and hard-to-staff subjects. 




1.4 Promote safe, disciplined, and drug-free 
learning environments. 


1 Identify and disseminate information about the most effective practices that create a 
safe, disciplined, and drug-free school climate. 

2 Provide training and technical assistance to help achieve this objective. 



2 U.S. Department of Education Strategic Plan 2007-2012 
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Strategic 

Goals 


Strategic Objectives 


Strategies (Representative Approaches) 




1.5 Increase information and options for 
parents. 


1 Ensure adequate parental notification. 

2 Support charter schools. 

3 Encourage states and communities to provide choices to children attending 
underperforming schools. 

4 Provide support to states in implementing the choice and SES requirements of ESEA. 




1.6 Increase the high school completion rate. 


1 Help states and districts intervene early to get at-risk students back on track. 

2 Improve the skills of adolescents who struggle with reading and mathematics. 

3 Focus on the neediest schools. 

4 Increase learning options for students. 

5 Assist states in achieving their Individuals with Disabilities Education Act (IDEA) State 
Performance Plan (SPP) targets related to dropping out, completing school and post- 
school employment. 




1.7 Transform education into an evidence- 
based field. 


1 Develop or identify effective programs and practices for improving reading and writing 
achievement, mathematics and science achievement, and teacher quality and 
effectiveness. 

2 Disseminate information about the effectiveness of education programs and practices. 


Goal Two: 

Increase the 

academic 

achievement 

of all high 

school 

students. 


2.1 Increase the proportion of high school 
students taking a rigorous curriculum 


1 Increase access to AP courses nationwide. 

2 Increase the number of teachers qualified to teach AP and IB classes. 

3 Increase the number of students who complete the State Scholars Initiative 
curriculum. 

4 Identify and disseminate information on states that have increased their standards for 
graduation or that have rigorous high school end-of-course exams. 

5 Support states' implementation of additional high school assessments in mathematics 
and reading/language arts. 

6 Leverage the Academic Competitiveness Grant (ACG) program, rewarding high school 
students who increase the rigor of their studies. 

7 Collect and analyze data on AP access and success at local levels. 

8 Assist states in their implementation of the Perkins Career and Technical Education 
Improvement Act of 2006. 
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Strategic Strategic Objectives 

Goals 



2.2 Promote advanced proficiency in 

mathematics and science for all students. 



2.3 Increase proficiency in critical-need foreign 
languages 
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Strategies (Representative Approaches) 



1 Support projects expanding offerings and participation in advanced mathematics and 
science classes. 

2 Encourage grantees to offer incentives to teachers to become qualified to teach AP 
and IB courses in mathematics and science and to teachers whose students pass AP 
tests in those subjects. 

3 Promote greater investment by the business community in expanding AP and IB access 
and success 

4 Leverage the National Science and Mathematics Access to Retain Talent (SMART) grant 
program, rewarding postsecondary students who major in mathematics or science 
studies. 

5 Ensure student preparation for rigorous mathematics education in high school by 
investing in the Math Now program. 

1 Support projects expanding AP offerings, IB offerings and participation in critical-need 
languages. 

2 Encourage grantees to offer incentives, such as salary increments or bonuses, to 
teachers to become qualified to teach AP and IB courses in critical-need foreign 
languages and to teachers whose students pass AP tests in those subjects. 

3 Leverage the SMART grant program, rewarding postsecondary students who major in a 
critical-need foreign language. 
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Strategic Strategic Objectives Strategies (Representative Approaches) 

Goals 



Goal Three: 
Ensure the 
accessibility, 
affordability, 
and 

accountability 
of higher 
education, and 
better prepare 
students and 
adults for 
employment 
and future 
learning 


3.1 Increase success in and completion of 
quality postsecondary education. 


1 Increase the transition of high school graduates to postsecondary education by 
supporting states and other entities in the development and implementation of 
programs of study for high-skill, high-demand careers. 

2 Maintain high levels of college enrollment and persistence, while increasing the 
affordability of and accessibility to higher education through effective college 
preparation and grant, loan, and campus-based aid programs. 

3 Prepare more graduates for employment in areas of vital interest to the United States, 
especially in critical-need languages, mathematics, and the sciences. 

4 Improve the academic, administrative, and fiscal stability of Historically Black Colleges 
and Universities, Hispanic-Serving Institutions, and Tribally Controlled Colleges and 
Universities. 

5 Strengthen the accountability of postsecondary education institutions through 
accreditation, evaluation, and monitoring. 

6 Expand the use of data collection instruments, such as the Integrated Postsecondary 
Education Data System (IPEDS), to assess student outcomes. 

7 Promote and disseminate information regarding promising practices in community 
colleges. 


3.2 Deliver federal student aid to students and 
parents effectively and efficiently. 


1 Create an efficient and integrated delivery system. 

2 Improve program integrity. 

3 Reduce the cost of administering the federal student aid programs 

4 Improve federal student aid products and services to provide better customer service. 


3.3 Prepare adult learners and individuals with 
disabilities for higher education, 
employment, and productive lives 


1 Fund a national initiative that will develop expertise in providing support and outreach 
to state and local education systems to improve outcomes for out-of-school youth. 

2 Support a project to develop career pathway demonstration models in local sites, 
extending current secondary-postsecondary models to the adult basic education 
system. 

3 Implement a system used to monitor state VR agencies to improve performance. 

4 Strengthen technical assistance to state VR agencies through improved use of data, 
dissemination of information, and solidified partnerships. 




Information Resources Management (IRM) Strategic Plan 



10 




US Department of Education 



Strategic 

Goals 


Strategic Objectives 


Strategies (Representative Approaches) 


Goal Four: 
Cross-goal 
Strategy on 
Management 


4.1 Maintain and strengthen financial integrity 
and management and internal controls. 


1 Implement risk mitigation activities to strengthen internal control and the quality of 
information used by managers. 

2 Reengineer formula and discretionary grant management processes. 

3 Comply with information security requirements. 


4.2 Improve the strategic management of the 
Department's human capital. 


1 Improve performance culture 

2 Foster leadership and accountability. 

3 Close competency gaps in the workforce. 

4 Improve the Department's hiring process. 


4.3 Achieve budget and performance 

integration to link funding decisions to 
results. 


1 Hold people and programs accountable for budget and performance integration. 

2 Improve performance measurement and data collection. 

3 Use performance information to inform program management and performance. 



Source: U.S. Department of Education Strategic Plan 2007-2012 
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The Department's IRM Strategic Plan is designed to demonstrate how the Department's information 
resources are aligned to support achievement of the Education Mission and Strategic Goals. 

3.2 IT Governance Structure 

The Department's IT governance process ensures alignment of current and future IT initiatives within 
the Department to strategic business objectives. The Department's IT governance process is codified in 
Departmental Directive OCIO 1-106, Lifecycle Management (LCM) Framework. The LCM Framework 
provides the foundation for the implementation of standards, processes and procedures used in 
developing IT solutions. The LCM Framework along with the IT governance process ensures effective 
oversight and management of IT solution development. 

The Department's IT governance process applies to major program/mission critical investments and 
non-major program/mission support investments that are included in the Department IT portfolio. The 
IT governance process ensures that Department's IT investments are managed in a manner that is 
consistent with agency policy and OMB requirements. The IT governance process is managed through 
organizational entities - review boards and subordinate working groups shown in Figure 1. 



Figure 1: The Governance Process at the Department 




More detail regarding the Department's governance process can be found in the Department's EARB 
charter. 
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3.3 Program Offices and EA Segment Alignment 

The Department's enterprise architecture staff has developed a Line of Business (LOB) perspective to 
describe the various business functions that the agency is engaged in across program and principal 
offices. The Department's enterprise architecture also identifies the primary business capabilities for 
each LOB, which drive IT services and investments. Each EA segment architecture describes a 
Departmental Line of Business. 

Figure 2 shows the LOBs in which the Department engages. It provides a visual representation of 
principal offices and their engagement in Department LOBs. 
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Figure 2 Future State Vision at the Department 



The Department's business processes and IT investments are developed to move the Department away 
from a stove-piped environment where capabilities are deployed to meet single program office needs, 
to a cooperative environment, in which common capabilities and services can be employed to meet 
similar program office needs. 



3.4 Segment Architecture 

The Department's enterprise architecture future state business model is established around the 13 
segment architectures for the LOBs. Current and future IT investments, which can span multiple 
program offices, are managed as a portfolio, delivering technical capabilities in support of each 
segment's needs. For example, while OESE and OPE serve very different education segments, K-12 and 
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post-secondary education respectively, the segment mode of delivery remains the same: through 
formula and discretionary grants. The grants mode of delivery of these two offices is very similar in 
terms of process workflow and system support requirements. By focusing on grants management 
capabilities across the enterprise, the Department reduces the need for duplicate systems within each 
program office. 

An enterprise view of the grants segment provides the Department with an ability to develop and utilize 
common business processes and technology for grants management across multiple program offices. 
The segment architecture approach is expected to improve the Department's performance and cut cost 
by aligning business processes and investment activities while eliminating unnecessary duplication of 
processes, investments and technologies. 

The process used to define the Department's 13 segments aligns with the Federal Enterprise 
Architecture (FEA) practice guidance: 



Segment identification applies a variety of internal and external inputs such as the 
agency mission statement, agency strategic goals and objectives, legislative 
mandates, common or shared business and information requirements, and cross- 
agency initiatives described in the Federal Transition Framework (FTF). This process 
organizes and consolidates enterprise assets into logical groups aligned with a 
common purpose (mission area) or common service, and identifies segments in three 
categories: core mission areas, business services and enterprise services. 



FEA practice guidance identifies three segment categories: Core Mission Areas, Business Services and 
Enterprise Services. Figure 3 represents the segments in the Department's enterprise architecture and 
their related service categories. 
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Figure 3 The Architecture Segments Grouped in their Service Areas 



3.5 Key Business Capabilities 

The Department's EA portfolio analysis identified 18 common enabling services (CES) needed at the 
Department. CES's are shared service or business function needs that are common to multiple 
investments and lines of business across the Department - and that can be implemented at an 
enterprise level rather than in isolated business areas. The 18 CES's identified are listed in Table 3. 



Table 3 Common Enterprise Services (CES) 



Service Areas 


CES 


Description 


Performance and 
Productivity Services 


Collaboration 

Management 


Allow people to work together more efficiently by enabling 
greater information sharing. 


Work Management 


Allow the monitoring of activities within a business process. 


Case Management 


Manage the life cycle of a particular claim or investigation 
(include creating, routing, tracking, assignment and closing of a 
case and case handler collaboration). 


Performance 

Management 


Measure the effectiveness of an organization and/or its assets. 


Knowledge and Data 
Services 


Document/ Record/ 
Content Management 


Control the capture and maintenance of an organization's 
documents and files. 


Report Management 


Support the organization of data into useful information. 


Knowledge 

Management 


Support the identification, gathering and transformation of 
documents, reports and other sources into meaningful 
information. 


Data Management 


Usage, processing and general administration of unstructured 
information. 


Customer and 
Interface Services 


Customer 

Management 


Support the retention and delivery of a service or product to an 
organization's clients. 


Portal Management 


Allow customers to proactively seek assistance and service from 
an organization, personalize a user interface, and support the 
search of specific data from a data source. 


Mobility Tools 


Tools that enable mobile computing. 


Research and 
Statistics Services 


Statistical and Analysis 
Tools 


Support the examination of business issues, problems and their 
solutions. 


Survey Design Tools 


Tools enabling the collection of information from customers. 


Survey Management 


Collect useful information from customers. 


IT Services 
Infrastructure 


Operations Support 


Information technology hardware, software and technical 
support for ongoing operations and maintenance. 


Network, Storage, and 
Computing Platforms 


Hardware and software for networking and storage. 


Security & Privacy 


Tools that support confidentiality, integrity and availability. 


SOA, Enabling 
Platforms 


Service Oriented Architecture (Interoperable Standards). 


Other 


Services needed by your investment that can be considered as 
an enterprise service candidate. 
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3.6 Government-wide Mandates 

3.6.1 Open Government Directive 

In the Memorandum on Transparency and Open Government, issued on January 21, 2009, the President 
instructed the Director of the Office of Management and Budget (OMB) to issue an Open Government 
Directive. OMB responded to that instruction with memorandum M-10-06 directing executive 
departments and agencies to take specific actions to implement the principles of transparency, 
participation, and collaboration set forth in the President's Memorandum. This directive was informed 
by recommendations from the Federal Chief Technology Officer, who solicited public comment through 
the White House Open Government Initiative. 

This memorandum requires executive departments and agencies to take the following steps toward the 
goal of creating a more open government: 

1. Publish Government Information Online 

2. Improve the Quality of Government Information 

3. Create and Institutionalize a Culture of Open Government 

4. Create an Enabling Policy Framework for Open Government 

The Department is in compliance with the Open Government Directive and has developed a set of open 
government goals that will align and will drive us toward greater transparency, collaboration, and 
participation with our constituents and partners and within the organization itself. These goals are: 

• Goal 1: Increase the Department's transparency and accountability. 

• Goal 2: Solicit and incorporate more public input into Department operations. 

• Goal 3: Increase collaboration and communication with other organizations. 

• Goal 4: Create a culture of openness within the Department. 

The Department has also identified a senior official to be accountable for the quality and objectivity of, 
and internal controls over, the Federal spending information publicly disseminated through such public 
venues as USAspending.gov or other similar websites. Additionally, the Department will work with 
further OMB instruction, as it is provided, to ensure proper alignment to the directive. 
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3.6.2 Cross-Agency Initiatives Alignment 

The Department's EA Program Office (EAPO) will continue to work with all principal offices to align their 
IT investments to the cross-agency initiatives described in the Federal Transition Framework (FTF) 
Service Catalog. This alignment will comply with the common structure developed for the organization 
of cross-agency initiatives. 



The Department is aligned with the FTF, which encourages agencies to identify opportunities for reuse 
and collaboration for cross-agency initiatives. The Department is actively working to align relevant 
programs/initiatives to this Framework through its Enterprise Architecture Program. 

The Department is actively using the FTF to: 

• Determine the applicability and scope of cross-agency initiatives to the Department. 

• Update the Department's EA Program Plan to incorporate tasks to develop or update agency 
enterprise architecture work products. 

• Update the Department's target enterprise architecture to reflect cross-agency initiatives. 

• Conduct gap analysis between current and target architecture to identify gaps in the current 
implementation of cross-agency initiatives. 

• Update the Department's EA Transition Strategy to incorporate tasks, activities and milestones 
to close gaps between current and target architecture. 

• The Department has reviewed the recently released Federal Transition Framework by OMB to 
identify gaps in cross-agency initiatives that are applicable to the mission of the Department. 
Currently, the Department's target enterprise architecture includes the following cross-agency 
initiatives and incorporates their business, data, technical service technical, and performance 
components. 



3.6.3 Internet Protocol Version 6 (IPv6) 

The Department's IPv6 Transition Milestone Plan is mandated by OMB Memorandum M-05-22. This 
memorandum directed the Department to implement Internet Protocol Version 6 (IPv6) within its 
network. IPv6 is an enterprise transformation driven by business, environmental, and technology 
factors, the scope and impact of which extend well beyond the IT organization. 



Federal Transition Framework (FTF) Catalog Structure 




FTF Catalog 



Section 



Figure 4 Federal Transition Framework (FTF) Catalog Structure 
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Implementing IPv6 represents a strategic opportunity for the Department to provide improved services 
with greater efficiency. IPv6 is an enabling technology that can be used to support a number of the 
Department's business capability requirements, which are aligned with the Department's strategic 
goals. The Department has established an IPv6 working group to monitor the IPv6 transition activities. 

The following table (Table 4) summarizes the key features of IPv6 and the Department business 
capabilities supported by these features: 



Table 4 - IPv6 Features and Supported Business Capabilities Requirements 



IPv6 Feature 


Supported 

Business Capabilities Requirements 


Description 


A larger address space 

IPv6 provides a virtually limitless 
address space thereby overcoming 
limitations of the current IPv4-based 
infrastructure. The Department has 
the opportunity to network-enable 
new types of IT assets, such as remote 
sensors, handheld computing devices, 
mobile phones, and other devices with 
individual and unique IP addresses. 
This will enable direct end-to-end 
connectivity between IP-enabled 
devices and systems. 


Information Dissemination 

Information Clearinghouse 


• Data storage management 
and network facilities 


IT Infrastructure, Identity 
Management 

IT business alignment and IT support 
and governance 


• Common enabling services 


Facilities Management 

Facilities and security services 


• Efficient, reliable facility 
services 

• Safe and secure workplace 

• Asset tracking 


More robust mechanisms for 
prioritizing data traffic 

These mechanisms provide a more 
reliable infrastructure for bandwidth- 
intensive applications such as 
streaming video, voice over IP, near- 
real time collaboration, and others. 


Grants 

Workflow-enabled collaborative 
grants planning 


• Collaborative planning 
within program offices 


Grants 

Collaborative review, etc. 


• Location independent 
reviews 


Evaluation 

Evidence-based planning 


• Collaboration across 
programs to define / reuse 
performance information 


Evaluation 

Consolidated data collection 


• Collaboration tools to 
enable survey / data 
collection support to survey 
participants 


IT Infrastructure 

IT business alignment and IT support 
and governance 


• Common enabling services 


Auto-configuration 

Allows devices to automatically 
configure themselves and join 
networks without requiring centralized 


Compliance 

Case management and workflow 
tracking 


• Apply mobile tools and 
case-worker tools to field 
audits, inspections and 
investigation 
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IPv6 Feature 


Supported 

Business Capabilities Requirements 


Description 


servers to manage them. Mobility 
support built into IPv6 will enable 
devices to remain connected even 
while roaming across great physical 
distances and multiple networks. 
These capabilities will enable flexible, 
decentralized, "plug and play" 
networking that will decrease 
administration requirements and 
provide continuous connectivity. 


IT Infrastructure, Identity 
Management 

IT business alignment and IT support 
and governance 


• Common enabling services 


End-to-end security 

IPv6 incorporates (and requires) end- 
to-end security for all IP traffic directly 
within the network layer, simplifying 
and strengthening network security. 


Evaluation 

Consolidated data collection 


• Secure, multi-channel data 
exchange between the 
Department and data 
sources (web, paper, etc.) 


Research 

Comprehensive data collection, 
sharing and analysis 


• Data exchange between the 
Department and data 
sources through multiple 
secure channels 


IT Infrastructure, Identity 
Management 

IT business alignment and IT support 
and governance 


• Common enabling services 



3.6.4 Identity Management 

As more and more Internet-based online services are being provided to customers, there is increasing 
proliferation of electronic identity credentials, i.e., user ids and passwords, which results in customer 
inconvenience (multiple user IDs and passwords), poor security (repeated use of same password), and 
higher identity management costs (lost password). 

Identity management provides the capability for the Department's customers to use identity credentials 
other than those currently provided by the Department of Education, such as those from the top five 
identity providers: (1) banks, (2) universities, (3) Internet service providers, (4) merchants, and (5) 
employers. The federal government is moving toward the idea of sharing credentials across multiple 
agencies and allowing citizens to use non-government credentials to conduct business with the 
government online. The Department has been a participant in the identity management initiative, part 
of the President's Management Council's E-Government agenda. 

The Department's approach to implementing identity management is to build a solid infrastructure that 
supports shared authentication services across multiple applications. The first building block is the 
Security Architecture infrastructure that includes identity and access management (IBM Tivoli Access 
Manager and Identity Manager suite of products). The Security Architecture provides tools, 
technologies, and policies for identity and access management across the Department. The goal is to 
provide consistent access control, authorization and auditing for applications that integrate with this 
infrastructure. Once the Security Architecture is developed and deployed, the Identity Management 
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infrastructure can be layered on top of it and deployed to any application already in the Security 
Architecture. 

3.6.5 Department ID and Access Control Implementation 

The Department's Office of Management, Security Services entered into an agreement and MOU with 
the Federal Protective Services (FPS) to conduct a threat assessment of all Department facilities 
nationwide. The outcome of the assessment addressed numerous vulnerabilities. The one vulnerability 
that was consistent across the majority of the Department's facilities was Department ID and Access 
Control. The ID and Access Control vulnerability was created because Department did not have a 
consistent approach for managing the vetting and credentialing of individuals requiring access to ED 
information systems and facilities. The Security Office immediately began researching ID card and 
Access Control systems based on the level of protection, cost to the government, and the ability to 
network and control input from a central location. The Department selected DSX security systems based 
on an alternatives analysis. Currently the Department has the DSX security systems (ID Card and Access 
Control systems) installed in and used by employees and contractors in headquarters and regional 
locations. All of these systems are networked to form one system. DSX security systems provide 
complete access control and alarm monitoring for sites, including: 

• Access Control 

• Security 

• Point Monitoring 

• Elevator Control 

• Photo ID Badges 

• Guard Tour 

• Key Tracking 

• Image Recall with Historic and User Accountability Reporting 

• Live CCTV display/control 

• Interface with Paging, CCTV, Parking, Central Station Automated Alarm Systems, HVAC, and 
Elevator Control Systems 

The Department maintains facilities as either privately leased, GSA owned, or GSA leased facilities, all of 
which have staggered lease renewal dates. As facility leases expire, the determination of whether to 
relocate or to extend the present lease will be determined. Security systems for all locations must be 
100% compatible with the existing systems for proper monitoring and access control. 

On August 27, 2004, the President signed HSPD-12 "Policy for a Common Identification Standard for 
Federal Employees and Contractors." HSPD-12 will impact the Department because it has to implement 
the mandatory, government-wide standard for secure and reliable forms of identification for Federal 
employees and contractors. The standard has been issued by the Department of Commerce - the 
Federal Information Processing Standard 201 (FIPS 201). Table 5 shows the Department's HSPD-12 
implementation milestones: 
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Table 5 HSPD-12 Implementation Milestones 


Date 


Implementation Milestones 


06/27/2005 


Implementation plans submitted to OMB 


08/26/2005 


Identify federally controlled facilities, information systems, and other Federal applications that are 
important for security and for which use of the FIPS 201standard in circumstances not covered by 
HSPD-12 directive 


10/27/2005 


Comply with FIPS 201, Part 1 

• Adopt and accredit a registration process 

• Initiate the National Agency Check with Written Inquiries (NACI) or other suitable national 
security investigation prior to credential issuance 

• Include FIPS 201 implementation language in applicable new contracts 

• Develop a plan for current employees / contractors and begin the required background 
investigation 


10/27/2006 


Begin compliance with FIPS 201, Part 2 

• Deploy products and operational systems to issue and require the use of identify credentials for 
all new employees and contractors 

• Implement the technical requirements of the FIPS 201 

• Risk based facility access 

• Use of digital certificates 


10/27/2007 


Verify and/or complete background investigation for all current employees and contractors 


10/28/2008 


Complete background investigations for all employees employed over 15 years 


1/15/2009 


Issue personal identification verification (PIV) Cards to ED employees 


6/15/2009 


Conduct PIV card pilot for physical access 


10/15/2009 


Install logical access control infrastructure 


1/15/2010 


Conduct PIV card pilot for logical access 


3/15/2010 


Production use of PIV card for physical and logical access 


6/2010- 

6/2011 


Continue to enhance physical and logical access controls 
PIV LAC Full Deployment 4Q 2010 
G5 Proof of Concept IQ 2011 
PIV MAC 4Q 2010 (deferred to FY2011) 



4 Goal Two: Shared Technology Capabilities 
4.1 Current Infrastructure 

OCIO's role is to provide a stable technology infrastructure to support the business requirements of the 
Department. Current IT services offered by OCIO focus primarily on the deployment, operations, and 
maintenance of the technical infrastructure. 
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Traditionally, the Department's focus has been on transaction-based systems. Moving forward, the 
Department's technology needs are focused in the areas of collaboration and decision support systems. 

Many of the Department's business functions and staff are involved in the gathering and analysis of data 
and related decision-making (referred to as "knowledge worker" activities) to perform: 

• Planning and policy-making 

• Performance evaluation 

• Information dissemination 

• Compliance 

• Research 

These activities are mostly supported today by simple desktop tools, such as Microsoft Office, and a 
variety of individual applications, personal databases and spreadsheets. Many program offices have 
sought support from OCIO to provide more comprehensive knowledge worker capabilities. In the past, 
OCIO was not equipped or funded to provide much beyond Microsoft Office and occasional prototype 
software, such as e-Rooms for collaboration. 

As a result, many program offices sought software packages and tools or custom designed practices to 
support their knowledge worker needs. Today there are a wide variety of software products owned by 
the Department as a result of program office attempts to acquire knowledge worker solutions. This 
diversity has led to the following challenges: 

• Few of these software products are shared widely across the Department. Instead, the 
Department often finds itself with many separate individual products to support the same 
knowledge worker activity used by individual program offices (or their contractors). 

• Most products are stand-alone and do not integrate easily with each other. 

• The unique solutions using stand-alone products result in knowledge islands in each program 
office, thereby inhibiting the sharing of information across office boundaries. 

• Other products remain unused, as priorities or practices have changed since individual program 
offices acquired the specific tools. 

Often, an individual office will have established a best practice in performing a knowledge worker 
function (e.g., statistical analysis) but such best practices are not shared across program offices. 

4.2 Future Shared Services 

OCIO's role will evolve to provide a broader set of common services to the Department. This future 
direction will position the OCIO to become a provider of enterprise common services beyond basic 
technical infrastructure support. These common services fall into two areas: 

• Centrally supported technology services 
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• Enhanced infrastructure services 

OCIO continues to develop a clear design for what the enhanced set of service offerings will be, how 
these new services will be deployed, supported, and governed. What follows is the Department's 
current thinking around what IT shared services will be offered, based on the business needs, and what 
are the management challenges that OCIO will need to address during the year in order to provide these 
services in an effective and efficient manner. 

4.2.1 Centrally Supported Technology Services 

Three broad categories of IT services are being considered as additional shared services that OCIO will 
offer to the business customers across the Department. The three areas include: 

• IT planning and design services 

• IT solution development and deployment services 

• End-user IT support services 

IT planning and design services will focus on services that support the program offices in effectively 
aligning their business priorities with enabling IT capabilities to further both the POC and the 
Department's overall mission. These services could include: 

• Program office IT planning services in support of multi-year IT investment and project plans that 
provide the maximum benefits of available IT resources to the offices. These services could 
include future state IT visions for POCs, future state concept of operations that identify the role 
of technical capabilities in the processing of the business unit mission, and the development of 
transition strategies and project portfolios that leverage existing and new IT components. 

• Solutions architecture and design services including the definition, description, and high level 
requirements for discrete IT projects and/or the application of common enabling services (e.g., 
workflow and collaboration tools) to solve specific business needs 

IT solution development and deployment services include a full range of services for applying technical 
capabilities to solve office business needs. These services are envisioned to involve custom application 
development services, package installation and deployment services, or individual subject matter 
expertise to support program office development teams (e.g., project management, acquisition 
guidance/support). These services could include: 

• Applications development, enhancement and deployment services (e.g., web applications and 
decision support applications development) 

• Commercial off the shelf (COTS) software package identification, selection, installation, and 
support 

• IT solutions project management and acquisition support services 

The selection and deployment of these services will require OCIO to engage in the following activities to 
provide IT solution development and deployment services: 
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• Development of detailed plans and product recommendations for various types of CES 

• Support to program offices to define relevant knowledge work requirements that will be 
optimally fulfilled by the CES 

• Acquisition, deployment, and operations of COTS products on the infrastructure to provide CES 

• Development of common enterprise-wide solutions or custom-developed solutions for 
individual program offices 

• On-going training, configuration support, help desk and related customer service top program 
office users to maintain or adjust usage of CES 

End-user support services would be provided as a shared service to the Department to fill a key gap in 
the current IT support model at the Department. The future direction for IT at the Department is heavily 
focused on data access and analytical activities in support of the Department's mission. With the 
exception of small pockets within certain organizations, the Department has little expertise in 
supporting its end users in these areas. As the Department moves toward the application of enterprise 
data stores, enhanced analytical tools for end users, and the rollout of common enabling infrastructure 
tools to its knowledge workers, these same knowledge workers will require support to effectively apply 
these new capabilities to their day-to-day efforts. A set of shared services will be provided to deliver 
this support to the end users and could include the following: 

• End user data access, query and reporting support services, including Executive Dashboard 
support services, to ensure the users understand the data available to them, how to access that 
data, and how best to manipulate the data in performing sophisticated analyses 

• Technology/solutions training and support services for end users so the users can effectively use 
the new capabilities and derive value from these investments 

• Enterprise application operations and end user support services (e.g., EDEN and Enterprise Data 
Warehouse application support) involve the basic support for shared applications - efficiently 
delivered as a shared service. Applications that are shared across an organization require 
support that is also shared 

4.2.2 Enhanced Infrastructure Services 

In the future, OCIO will be in a better position to support program office knowledge worker support 
needs by developing, deploying, and supporting a set of application services that align with the business 
needs of the Department's knowledge workers. The Enterprise Architecture Program Office has 
identified five major and 18 subordinate knowledge worker support areas that are relevant in 
supporting the Department's knowledge worker activities: 
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Shared Technical Services 


Common Applications 


Performance and Productivity Services 


• Collaboration Tools 

• Work Management 

• Case Management 

• Performance Management 


Knowledge and Data Services 


• Document Management 

• Report Management 

• Knowledge Management 

• Data Mart / Data Warehouse Tools 


Customer and Interface Services 


• Customer Management 

• Portal Management 

• Mobility Tools 


Research and Statistics Services 


• Statistical and Analytical Tools 

• Survey Design Tools 

• Survey Management (data collection) 


IT Services Infrastructure 


• Operations Support 

• Network, Storage and Computing Platforms 

• Security & Privacy 

• SOA-Enabling Platforms 



Table 6 Department of Education Shared Application Services 



Appropriate solutions will be recommended over time to support program office needs. These 
recommended solutions are often owned by one part of the Department and could be shared with 
others. Preferred solutions would also be interoperable - that is, information gathered and analyzed 
under one tool would be readily available to all other parts of the knowledge worker tool suite just as 
tables or pictures produced in Word can be accessed or pasted into other Microsoft Office products, 
such as Power Point. 

Deployments of these enhanced infrastructure services will provide direct benefits to the end users: 

• Improved knowledge worker performance and quality as best practices and related tools are 
used more widely throughout the Department 

• Improved knowledge worker efficiency as interoperable tools reduce staff needs to perform 
extra work to link data and work products across independent tools or products 

• Reduced software license and support costs as redundant tools are replaced over time by 
common solutions and reduced program office burden as staff no longer need to explore, test, 
select and deploy tools on their own 

This future state architecture emphasizes the delivery of solutions through a combination of sharable 
components rather than through stand-alone systems. On a longer-term basis, these solutions will be 
incorporated into new or enhanced versions of current systems as the Department moves to the future 
state architecture. 

The selection and deployment of such enhanced infrastructure services will require OCIO activities in 
four areas: 

• Development of detailed plans and product recommendations for the various types of CES 
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• OCIO support to program offices to define relevant knowledge worker requirements and 
identify the best way to support such needs through available CES 

• Acquisition, deployment and operation of hardware and software products on the infrastructure 
to provide CES 

• Ongoing training, configuration support, help desk and related customer service to program 
office users to maintain or adjust usage of CES to meet specific end user needs (e.g., 
configuration and use of Microsoft Exchange functionality to satisfy common tracking and 
simple knowledge management business needs) 



4.3 Management Structure for IT Shared Services 

The Department will focus on three key goals for the implementation of additional IT shared services: 

1) Establishing an effective product and service delivery model 

2) Implementing an effective governance model 

3) Supporting the programs to develop a funding strategy 

The service delivery model for shared services will be based on the following set of guiding principles for 
the OCIO's operating model: 

• Promote a supplier-customer relationship between IT and the business units to foster a 
"customer service" culture in IT while maintaining the fiduciary role of OCIO 

• Implement an appropriate funding model for shared services that promotes financial 
transparency so that customers understand the costs associated with the products/services they 
consume, and understand the cost levers available to them (e.g., accept a higher level of service 
for a higher cost to meet special business needs) 

• Introduce a "product-centric" model that integrates multiple disciplines and ensures 
accountability for the products/services offered to the customers. This model would include 
future product strategy, service level options, product refresh plans, etc 

• Separate the product/service planning and development functions (plan/build) from the 
operations functions to allow each to excel in their own individual disciplines and ensure that 
strategic, tactical, and operational imperatives are met 

The product and service model defines roles, responsibilities, and accountabilities for operating the 
shared services at the Department. Some of the management issues include: 

• When should the Department come to OCIO for a service and when should the service be 
contracted-out? 

• What is the role of OCIO in satisfying office-specific business needs and how does that role differ 
if the need is enterprise-wide? 

• How can OCIO maintain its fiduciary role when another organization or entity delivers the 
shared service? 
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• How will the Department decide whether a shared service is to be provided by OCIO or another 
organization (e.g., CFO, IES)? 

• What is the governance model that will address investment priorities, funding mechanisms, 
portfolio effectiveness, service levels for shared services, and adherence/compliance actions? 

• Are there service-specific governance models that are required, i.e., shared applications require 
shared support functions and shared governance? 

• What are the appropriate organizational and contractual vehicles that are required to deliver 
shared services? 

Specific steps to move toward the shared services operating model include addressing the following: 

• Understand and document the needs of the customers for specific products and services that 
can best be developed, delivered, and supported centrally 

• Offer these shared products and services to the business efficiently and at an appropriate level 
of service and cost 

• Install product and service monitoring functions to adjust the product and service mix (i.e., 
specific products, services, new service levels, etc) to reflect changes in the business needs and 
the demand for these products and services 

• Define and adopt a sound management model that allows the organization to effectively 
address the strategic, tactical, operational, and governance issues simultaneously 




5 Goal Three: Information and Technology Management 

5.1 Enterprise Architecture Management 

5.1.1 Purpose 

EA is a both a plan and a process for linking an organization's business needs with the best available 
technology. EA integrates the relevant information resources and the business processes into a 
cohesive whole. Using an EA increases access to shared data, reduces redundant IT efforts, and 
facilitates the use of new technology. EA enables the Department to: 

• Make better investment, design, and implementation decisions 

• Clarify and transform business activities according to the Line of Business vision 

• Integrate existing systems to provide shared services and make use of shared data 

• Increase the level of automation for areas that are currently lacking and could substantially 
benefit from automation 
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• Improve the effectiveness and efficiency of IT investments to better support the Department's 
mission 

The EA process and work products are integrated with and used by the Department's strategic planning, 
capital planning and investment control (CPIC), and performance management processes to ensure 
effective and efficient performance of the IT investments made by the Department. 

The IRM Strategic Plan is fully consistent with development and migration toward the future state 
business and technology model envisioned in the Department's Enterprise Transition Plan. 

5.1.2 Scope 

The Enterprise Architecture comprehensively and strategically describes the Department's before 
(current) and future (target) state architecture as well as the transition strategy to sequence the 
implementation of the Enterprise Transition Plan. 

• From an information technology perspective, the current Departmental business model is stove- 
piped across the program offices, with narrowly tailored IT investments and little collaboration 

• The target architecture is a new business model that promotes common and shared capabilities 
to serve the customers, deliver value, and empower staff 

• The transition strategy describes the close coordination across the Department on the 
sequencing (timing) and integration (inter-dependencies) of the project initiatives in migrating 
toward the target architecture 

• EA guides business and IT strategic planning at the Department 

• EA participates in CPIC select, control, and evaluate phases (cross reference business case 
reviews and content, Exhibit 300 reviews and content 

• EA reviews investments and acquisitions for architectural alignment 

• EA assists in defining program and investment performance measures 

• EA improves understanding of and visibility into the performance and fulfillment of business 
processes by implementing a clear "line of sight" from mission to realized results 

5.1.3 Future Direction 

The target EA describes a future business model that shifts from a program office-specific focus to a 
cross-program office focus, structured along architectural segments that span multiple program offices. 
The segment structure represents a paradigm shift for the Department. The segment architecture will 
reshape the IT portfolio and drive innovation through shared services. 

5.1.4 Key Short Term Goals 

The following short term goals support the future direction: 

• Improve EA Maturity by increasing use of the architecture to support analysis and 
justification as a part of IT capital planning 
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• Prioritize IT investments based on segment architecture goals and objectives 

• Promote the use of the application, data, and technology architecture and standards 

• Implement common enabling services to enable end user capabilities 

• Empower segment owners to make recommendations on strategic IT investments as part of 
the capital planning and IT acquisition management processes 

• Incorporate EA into the Department's investment life cycle management processes 

• Mentor segment owners on clear segment management techniques and strategy 




5.2 Capital Planning & Investment Control (CPIC) 

5.2.1 Purpose 

The Capital Planning & Investment Control IT Investment Management process is a systematic approach 
for managing the risks and returns associated with the IT initiatives. It ensures that only viable 
initiatives are included in the Department's IT portfolio and that the portfolio supports the 
Department's mission and strategic goals. By aggregating the investments into a portfolio perspective, 
CPIC encourages partnerships, enables EA to eliminate duplicative and stovepipe projects, and balances 
project benefits against costs and risks. CPIC also provides effective oversight of the IT projects' costs, 
schedules, and performance throughout their life cycle. Finally, CPIC includes post implementation 
reviews of completed projects to ensure that projects deliver against expectations and to apply lessons 
learned to improve future CPIC life cycles. 

Aligned with Enterprise Architecture, the CPIC process serves as the management control vehicle for 
integrating long range planning with the budget and acquisition processes as the Department develops 
and manages its IT investment portfolio against the Future State Vision of the Enterprise Architecture. 

5.2.2 Scope 

The Department's Capital Planning and Investment Control is implemented through a three phased 
process cycle: Select Phase, Control Phase, and Evaluate Phase. 

• Select Phase systematically screens, scores, and selects major IT investments for funding. The 
Select Phase procedures have been integrated into standard project management activities via 
the development of business cases for internal Investment Review Board review as well as OMB 
Exhibit 300s and Exhibit 53 for external budget submission and review. 

• Control Phase measures and monitors the costs, schedule, performance metrics, and risks 
associated with the major IT investments along the development life cycle. Corrective actions 
are implemented at the first sign of slippages if and when they occur. 

• Evaluate Phase conducts post implementation reviews and operational analyses for investments 
that have exited the system development life cycle into production (steady state). An IT 
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Portfolio Assessment is conducted to identify gaps in the Department's IT portfolio in supporting 
the business mission and implementing the target Enterprise Architecture. The findings will 
become inputs to the subsequent Select cycle for re-prioritizing of next budget cycle's IT 
investments and funding allocation. 

5.2.3 Future Direction 

The Department will continue to institutionalize Information Technology Portfolio Management into the 
Enterprise Architecture and CPIC process. The IT Investment Management (ITIM) program manages the 
CPIC process and provides executives and managers with accurate, up-to-date information on IT 
investment status, including life cycle costs, schedules and performance. The Department's project 
managers of major/significant information technology investments have integrated CPIC procedures 
into their standard project management activities, through business case development, annual control 
reviews and high-risk project status reports and briefings, and refinement and monthly updating of 
project cost and schedule data. Project managers for smaller projects now provide annual 
documentation (Business Case Lights) that encapsulate relevant business objectives, scope, funding and 
expected benefits for their projects. The combination of detailed information about major/ significant 
projects and the Business Case Lights provide the input to the overall IT Portfolio Management review 
session with the Investment Review Board. 

5.2.4 Key Short Term Goals 

Enhance and improve current efforts to further institutionalize IT investment management practices 
across the Department's portfolio of non-major IT investments (i.e., those categorized as "non-major" 
projects, with three year cumulative costs of less than $3.5M). 

Develop modernization plans and completed segment architectures for the Department's thirteen lines 
of business. 

Increase IRB engagement with the Department's IT portfolio through the defining of strategic 
performance objectives, validating the segment modernization plans and the assessment of segment 
performance results. 

5.3 Regulatory Information Management 

5.3.1 Purpose 

Regulatory and Information Management Services (RIMS) ensures Departmental compliance with 
governmental information management requirements in the acquisition, release, and maintenance of 
information. In particular, RIMS supports the following activities within the Department: Freedom of 
Information Act (FOIA), Privacy Act, Records Retention and Management and Information Collection. In 
addition, RIMS provides instruction to ensure that customers are educated and supported in the 
performance of these efforts. 
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5.3.2 Scope 

To accomplish this mission, RIMS is engaged a support contractor and is working to provide better 
service to program offices to: respond to FOIA requests; manage records; become more responsive to 
the OMB clearance process; and establish up-to-date relevant training, guidelines, and directives. 

5.3.3 Future Direction 

With support from outside contractors, the Department conducted a business process improvement 
study of its information collection clearance and records management processes. A report was 
developed to define recommendations for the improvement of those processes. During the next few 
years, RIMS will focus on fully implementing the recommendations that were developed in the business 
process improvement study. 

5.3.4 Key Short Term Goals 

RIMS will complete the implementation of new business processes for FOIA IT Systems, including 
FOIAXpress, and develop a user-friendly document management system capability for the information 
collection clearance process. 

5.4 Information Assurance (IA) Program 

5.4.1 Purpose 

The IA Program is a departmental initiative that serves to ensure the confidentiality, integrity, and 
availability (collectively to protect the security) of the Department's information and information 
resources. One of the basic tenants of the IA Program is to ensure that the Department remains in full 
compliance with the Federal Information Security Management Act (FISMA) of 2002. 

A key component of FISMA compliance is the maintenance of a system/application inventory. The 
Department's Information Assurance team works with Computer Security Officers and 
system/application owners and staff to complete inventory forms to identify the information sensitivity 
of the data and the systems/applications. The mission of the IA Program goes beyond FISMA 
compliance to "enable the protection and continuity of the Department's mission under all 
circumstances." 

5.4.2 Scope 

The IA Program implements its functions through five programmatic elements: 

IA Program Management and Governance: 

• Direct Department-wide information assurance activities 

• Coordinate and interpret security initiatives from OMB, General Services Administration (GSA), 
General Accounting Office (GAO) etc, across the Department 

• Provide the IA strategic vision and goals and closely coordinate tactical execution of security 
initiatives 

Policies, Standards, and Procedures: 
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• Coordinate Department policies regarding authentication and message encryption techniques, 
network and system security, management, operational and technical controls 

• Develop and maintain disaster recovery plan and the OCIO Business Continuity Plan (BCP) 
Security Operations: 

• Coordinate Department IT security incident reporting 

• Develop corrective action plans to address weaknesses disclosed by FISMA reviews, certification 
and accreditation activity, Inspector General (IG) audits, Federal Managers' Financial Integrity 
Act (FMFIA) reviews, etc. 

• Provide support for Department technical security solutions 
Security Training and Awareness: 

• Define IT security curricula, roles and responsibilities 

• Provide specialized training and general security awareness orientation 
Analysis and Assessment: 

• Coordinate activities regarding the Department's Critical Infrastructure Protection (CIP) 

• Coordinate activities regarding the certification and accreditation of IT systems and applications 

• Conduct annual security reviews, such as incident response exercises and continuity exercises, 
and evaluate and measure the effectiveness of security policies, procedures and standards 

5.4.3 Future Direction 

The strategic direction of the IA Program is to align various security services with the Information System 
Security Line of Business (ISS LoB). The IA Program will become a conduit and service provider of value- 
added security services and solutions to its customers. In the out years, the IA Program will begin to 
provide standardized security services and solutions in areas such as: 

• Risk Management 

• Access Controls 

• Identification and Authentication 

• Encryption Solutions 

• Public Key Infrastructure (PKI) Technology 

• Certification and Accreditation 
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5.4.4 Key Short Term Goals 

The IA Program is focused on solidifying practices and procedures that are the foundation to meet 
security compliance initiatives driven by FISMA. IA is moving forward with its Information Assurance 
Program Management Plan (IA PMP) as the vehicle to meet the requirements under FISMA. Some of 
the key short-term goals are: 

• Establishing a process that ensures consistent secure system design and implementation 

• Aligning IA policy, procedures and standards with National Institute of Standards and Technology 
(NIST) guidance and standards 

• Validating the OCIO Business Continuity Plan 

• Configuring the certification and accreditation activity to conform to a general support system (GSS) 
centric model 

5.5 Lifecycle Management 

5.5.1 Purpose 

Lifecycle Management (LCM) is the coordination of activities associated with the implementation of IT 
systems from conception to disposal, through requirements definition, system design and development, 
testing, implementation, and operations. The LCM Framework defines the required stages, gate 
reviews, key activities, and core deliverables along the system development life cycle. It provides a 
foundation for aligning, reviewing, and enforcing the various existing interrelated program 
management, investment management, and contracts and acquisition processes. 

5.5.2 Scope 

The Lifecycle Management is guided by the LCM Framework, which consists of six stages: 

Vision Stage: 

• Develop a Business Case 

• Determine necessary acquisition planning documents for acquiring services and resources 

• Determine high-level requirements and assess feasibility costs 
Definition Stage: 

• Define functional requirements for both business and technical solution 

• Produce high level functional design and detailed solution design 

• Use design documents to guide work in Construction and Validation Stage 
Construction and Validation Stage: 

• Build, test, and validate the solution 
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• Transform specifications from the Definition Stage into an executable solution 

• Validate solution functionality to ensure it meets or exceeds business and technical expectations 
Implementation Stage: 

• Install new or enhanced solution in the production environment 

• Train users and convert data as needed 

• Transition the solution to the end-user 
Support and Improvement Stage: 

• Document operational procedures and practices for solution modification and enhancement 

• Align operational procedures and practices with Department business and technical standards 
Retirement Stage: 

• Execute the systematic termination of the system 

• Preserve vital information for future access and or reactivation 

5.5.3 Future Direction 

Ensure that the Administrative Communication System (ACS) Lifecycle Management (LCM) Directive is 
fully adopted into the development, acquisition, implementation, maintenance, and disposal of IT 
solutions regardless of cost, complexity, and time constraints. 

5.5.4 Key Short Term Goals 

• Finalize ACS directive 

• Develop LCM implementation plan 

• Communicate the LCM Framework to project managers and program managers 

• Begin to conduct deliverable reviews and gate reviews 

5.6 IT Operations and Maintenance 

5.6.1 Purpose 

Information technology operations and maintenance services support all activities related to the 
enterprise information network, to include network security, network and telecommunications design 
and operations, end user services, production server hosting services, and the Department's intranet 
and Internet services. 

5.6.2 Scope 

The scope of the contract is to provide Contractor-Owned Contractor-Operated (COCO) managed 
services for the Department's IT operations, including general cross-functional services, desktop 
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services, helpdesk support services, systems/data center operations services, e-mail, network services, 
disaster recovery services, special services, and printer services. 

• General cross-functional services will be provided to support all operational services defined by 
the contract's performance work statement (PWS) 

• Desktop services and helpdesk support services, e-mail services, and printer services will be 
provided for all users 

• Systems/data center services, network services and disaster recovery services will be provided 
for almost all of the Department's functions. The Department requires reliable access to 
information and applications by internal users, partners, and citizens 

• Special services (including the Institute of Education Sciences (IES) support, Office of the 
Inspector General support, and Employee Relations EDPASS application support) and assistive 
technology will be provided as required 

5.6.3 Future Direction 

The Department replaced the EDNET support services contract with the Education Department Utility 
for Communications, Applications and Technical Environment (EDUCATE) contract. This new contract 
moves the Department to a COCO managed IT infrastructure service model. Other than its data, as a 
result of this migration, the Department no longer owns IT assets, but instead, receives IT services. 

Going forward, Dell Services is responsible for refreshing IT supplies and equipment in accordance with 
an agreed to refresh plan. 

5.6.4 Key Short Term Goals 

The benefit to the government under a COCO managed services performance-based contract is that Dell 
Services owns, maintains, upgrades and refreshes all of the IT infrastructure assets and provides services 
to achieve defined Service Level Agreements (SLA). The SLA's are designed to ensure effective and 
efficient mission support across the Department that is constantly optimized. The COCO Managed IT 
infrastructure service model will provide reliable and high quality delivery of the following services to 
Department staff: 

• Security & Privacy Operations 

• Desktop Services 

• Helpdesk Support 

• Systems/Data Center Operations 

• E-Mail 

• Network Services / Telecommunications / Multimedia Services 

• Disaster Recovery 

• Special Services 

• Printer Services 

The EDUCATE scope encompasses the IT infrastructure optimization initiatives as defined by OMB's E- 
Gov Infrastructure Optimization Line of Business and fully supports the goals established by the 
President's Management Agenda (PMA) and the Federal Enterprise Architecture. 
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5.7 IT Acquisition Management 

5.7.1 Purpose 

The acquisition management process ensures that all Department IT acquisitions are reviewed for 
EDUCATE network compatibility, FOIA compliance, and are accounted for in the Department's CPIC 
portfolio. The process provides review and approval of hardware, software and contracted service 
acquisitions to ensure alignment with software compliance standards and licensing agreements, and the 
Department's IT investment management processes. 

5.7.2 Scope 

Acquisition management offers support throughout the acquisition life cycle: 

• Acquisition Planning Phase - develop acquisition strategy and project plan, identify potential 
vendor, determine best contract vehicle, develop performance work statement, and create 
source selection plan. 

• SOW Review and Clearance Phase - Review of SOWs, independent government cost estimates 
and other supporting contract documents. Acquisition management staff collaborate with 
principal offices during the review process to ensure that each IT acquisition is aligned with the 
Department's network infrastructure, FOIA compliance, policies and standards, and is driven by 
sound business requirements as defined in an approved business case. 

• Contract Formulation Phase - respond to solicitation questions from vendors, evaluate 
proposals, develop questions for vendors during contract evaluation, and recommend best 
value award. 

• Contract Administration Phase - host kick-off meeting with contractor and perform project 
manager or Contracting Officer's Representative (COR) duties to assist Contracts and 
Acquisitions Management (CAM) during contract performance. 

5.7.3 Future Direction 

Institutionalization of review and clearance of performance work statements is key to the future 
direction of IT acquisition management. Continuous review of the Department's IT acquisitions is a 
requirement of the Clinger-Cohen Act for federal agencies to ensure the implementation of an effective 
IT CPIC process. The OCIO Information Technology Acquisition Review and Clearance process is aligned 
with the Select Phase of the Department's Information Technology Investment Management (ITIM) 
process. 

5.7.4 Key Short Term Goals 

Provide guidance across the Department's principal offices and ensure implementation of the IT 
Acquisition Review and Clearance Process. Acquisition management review and clearance affirms that IT 
acquisitions are linked to business cases that define business requirements and objectives and take 
appropriate security, FOIA compliance, and IT operations planning into consideration. 
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